Network security firm Cloudflare Inc. today denied a report that it suffered a data leak after the records of some 3 million customers were found on the shady corner of the internet called the dark web.

The claim comes from the National Coordination Center for Cybersecurity at the National Security and Defense Council of Ukraine, which said the data included real IP addresses of websites that should have been hidden to prevent distributed denial of service attacks. The NCCC noted that the records included 45 gov.ua domains, or Ukrainian government domains, and more than 6,500 .ua domains, including “resources belonging to critical infrastructure objects.”

“The NCCC experts have already analyzed the information regarding Ukrainian websites: information on some resources is outdated. However, the other part remains relevant,” Interfax Ukraine reported. “Owners of compromised resources are encouraged, if possible, to promptly change the IP addresses of web resources and increase the monitoring of cyberattacks on these resources.”

Cloudflare denied that the data has come from the company, telling HackRead today that “we have investigated in detail an alleged leak of DNS information concerning Cloudflare’s customers. The information posted on social media is not the result of a leak or breach of our systems. The published data is available through standard DNS queries on the open internet, rather than the result of a leak or breach.”

The spokesperson added that “Cloudflare provides different services to different customers. Some customers use us for security services. Some use us for performance services. Some customers make use of both. The published information reflects a small fraction of Cloudflare customers who either use Cloudflare only for DNS resolution or only for performing services and therefore have not configured Cloudflare to secure their origin server.”

Complicating the story somewhat is that HackRead uncovered a website that claims to host more than 2.5 million IP addresses belonging to websites powered by Cloudflare. The site, which pitches itself as “uncovering bad guys hiding behind Cloudflare,” is easily found via Google and appears to be a sort of vigilante site. Whether the IP addresses being offered by the site are linked in any way is not clear, but the site does state that it provides updated Cloudflare IP lists every three weeks.

The alleged data leak comes after Cloudflare suffered an outage July 17 that was blamed on a configuration error.

Image: Cloudflare